Mailing List Archive

On Sun, 17 Feb 2002, Csillag Zsolt <starsoft@interware.hu> wrote,

>
> Hi!
>
> I'm developing a cgi application. I don't want to tell the whole story, in
> brief the
> cgi works from command line and not from the web browser.
>
> I've tried everything, my last try is to run Apache with root (currently is
> running with wwwrun user)
>
> I use Suse 7.1
>
> Can you help me?

Well, no, unless you tell us what's the error. The browser may tell you the
error, but the error log will tell more for sure.


--
san->http(www.trabas.com)



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

I ran into this as well, I have a script that I needed to run as root
from apache. By default the version of apache I use runs as the user apache and
I tried running i as root but there are issues when doing so. The way I got
around this was I kept running apache as the user apache. I then enabled rsh
on the server only from the user "apache" and only from the machine "localhost".
( I am using RedHat which uses xinetd.d instead of inetd. I am not sure which
Suse uses.) To enable rsh to root as the user apache I edited roots .rhosts
file and I added the line

127.0.0.1 apache

I then had to add the line

rsh

to the file

/etc/securetty

I then had to edit /etc/xinetd.d/rsh to enable rsh then restart xinetd by
running

service xinetd restart

I think in Suse you will have to edit /etc/inetd.conf and run

service inetd restart ( not sure ).

Anyway, from the perl script that I was running from the web browser I made a
system call out to another script but I did it through rsh, like this

system("rsh -l root localhost /var/www/cgi-bin/scriptname");

I think that is pretty much all I had to do. Be careful and test that rsh
works only from localhost and only as the user "apache". Also, if you want to
pass any parameters to the new script you are running as root be careful. If
it is sensative information ( like a user's password in my case ) the rsh line
you run appears in a log file, I believe it was either

/var/log/messages or /var/log/httpd/access_log

I ended up writing the info I wanted to pass to a file and handed that filename
to the new script then the new script retrieved the data and deleted the file.

Apache does let you run as what is called "suexec" but I read in the their
documentation that it will not let you do so as root at this time ( I bet they
are worried about being hacked. ) Make sure the script are going to run is
torture tested so it cannot be hacked. If so you are letting a potential
unknown user run a script as root.






Quoting Csillag Zsolt <starsoft@interware.hu>:

>
> Hi!
>
> I'm developing a cgi application. I don't want to tell the whole story,
> in
> brief the
> cgi works from command line and not from the web browser.
>
> I've tried everything, my last try is to run Apache with root (currently
> is
> running with wwwrun user)
>
> I use Suse 7.1
>
> Can you help me?
>
> When I modify httpd.conf to root I get an error message.
>
> Please write me in detail since I'm relative new to Linux.
>
> Thank you in advance
>
> Zsolt Csillag
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Hi,

The only thing I asked for is how to run apache as root :-)
(maybe you misunderstood the question)

I only explained briefly,why I need this information.

Thank you

Zsolt Csillag
Hungary

At 18:30 2002.02.17. +0700, you wrote:
>On Sun, 17 Feb 2002, Csillag Zsolt <starsoft@interware.hu> wrote,
>
> >
> > Hi!
> >
> > I'm developing a cgi application. I don't want to tell the whole story, in
> > brief the
> > cgi works from command line and not from the web browser.
> >
> > I've tried everything, my last try is to run Apache with root (currently is
> > running with wwwrun user)
> >
> > I use Suse 7.1
> >
> > Can you help me?
>
>Well, no, unless you tell us what's the error. The browser may tell you the
>error, but the error log will tell more for sure.
>
>
>--
>san->http(www.trabas.com)
>
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

On Sun, 2002-02-17 at 13:12, Csillag Zsolt wrote:
> The only thing I asked for is how to run apache as root :-)
> (maybe you misunderstood the question)

the short version is "You can't". You need to write a suid wrapper for
your script, since most scripts can't be setuid.

-jon

--
jon@divisionbyzero.com || www.divisionbyzero.com
gpg key: www.divisionbyzero.com/pubkey.asc
think i have a virus? www.divisionbyzero.com/pgp.html
"You are in a twisty little maze of Sendmail rules, all confusing."